The news last week that two of the bigger names in the US computer security business were merging to create CyberTrust is the latest sign of change in the sector.

The new company, formed from TruSecure and Betrusted, is the eighth largest security company in the world and joins together one supplier with a reputation for threat intelligence with another known for managed services.

It also propels TruSecure along a path that seemingly is being followed by Symantec, Microsoft and many others.

Computer security companies are consolidating, which for an industry that two years ago was, according to one analyst, 'in the doldrums' - seems to be a fairly spectacular turnaround.

The reason for this sudden burst of castle-building and intelligence gathering is new corporate governance regulations and the potential threat of legal action against chief executives for negligence.

Over the summer, a top US computer security adviser told me he was once asked to give a talk on computer security risks to the chief executive of one of the biggest companies on Wall Street.

The adviser, a top civil servant in the Reagan administration, was stopped in mid-flow by the businessman, who said he wanted his lawyer present.

The lawyer was sent for, the adviser recounted the information he had given the chief executive and there was a hurried discussion between the businessman and the lawyer.

The businessman politely terminated the conversation. The reason was simple - what the executive did not know, he could not be held accountable for.

But in the wake of legislation such as Sarbanes-Oxley and Basel II and the planned European Union Auditing Directive, things have changed.

Senior executives are already having to sign pieces of paper to confirm their accounts are accurate, and if they are subsequently found not to be, they could go to prison.

Coupled with the emergence of Russian techno-crime gangs targeting the US and Europe, these factors are changing the computer security market and causing widespread repercussions.

Chief among these is the profile of computer security. Scan the papers and it would appear the world is about to be swept away by cybercrime.

Every day's email sees another phishing letter appear in the inbox, most coming from computer programmers in St Petersburg and the former Russian Baltic States working for organised crime syndicates. Warnings of computer viruses have become a fact of business life.

But it is only when those incidents are examined in a little detail that their significance becomes obvious. Take a couple from last week in the US.

In one incident mentioned by the US Secret Service, a 'logic bomb' destroyed 10 million customer records. In another, a phishing attack on a US bank, an error by the criminals caused the bank's servers to collapse for two days.

The phishing gang had sent 50 million emails in the bank's name from spamming lists it had bought. But 10 million were bogus names, so when the emails were rejected they were returned to the bank, causing a denial of service attack that took down its system.

Both were very visible events, and not the sort of thing that can be swept under the carpet as has often happened in the past - which is another irritant for the chief executive.

Forced to cut costs and make a return on investment, technologies such as voice-over-IP become very attractive. But when you are hit by a virus and your computers go down and your staff cannot communicate, computer security becomes 'mission critical', and your shortcomings as a leader are there for staff and customers to see.

Sarbanes-Oxley also affects those wanting to do business with the US - any flow of information into areas that are regulated is now controlled.

If you wish to do business with a bank or telco and you have to share data, you have to conform to the regulations that govern their data and many big companies are already falling in line.

Small wonder then that companies such as CyberTrust are forming.

According to John Holland, European managing director of CyberTrust, one of the drivers for the vendor is to be able to deliver intelligence on computer vulnerabilities on a worldwide basis so customers can really see what's going on.

If you know what's going on, you can protect your business and your data, so you can sign off the accounts safe in the knowledge there is no chance of prison.

In the future, part of that reassurance will be knowing the suppliers you are dealing with can also offer similar levels of assurance.

According to John Regnault, head of security for BT, the telco is insisting that suppliers guarantee comparable levels of computer security to BT.

Soon larger companies will be regularly demanding their suppliers do this, so chief executives can protect themselves against the poor computer security of any suppliers who may contaminate their data.

What do you think? Email feedback@computing.co.uk

If you want to be first with the news, visit Computing every day.